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We Claim : 

1. A method of performing automated trust negotiations between 
first and second parties connected over a network, said method 
comprising the steps of: 

providing each party with a set of credentials, wherein a 
credential provides an authorization of a property of its 
respective party; 

classifying one or more credentials in the set of 
credentials for said first party as sensitive, such that they can 
only be disclosed to another party subject to certain 
predetermined criteria; 

establishing negotiations over the network between said 
first and second parties in order to complete a desired 
transaction, wherein said transaction is only authorized to 
proceed if at least one of the parties receives certain 
predetermined credentials from the other party; and 

transmitting at least one of the one or more sensitive 
credentials from the first party to the second party as part of 
said negotiations, subject to the first party previously 
receiving from the second party one or more credentials that 
satisfy said certain predetermined criteria; 

wherein said first and second parties are a server and a 
client respectively, wherein said server is to perform the 
desired transaction in response to a request from the client; 

wherein the server specifies a set of credentials that it 
must receive from a client in order to set up or perform the 
transaction; 

wherein both the client and the server have one or more 
credentials in their respective sets of credentials which are 
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classified as sensitive, such that they can only be disclosed to 
another party subject to certain predetermined criteria; 

wherein the negotiations over the network between the client 
and the server in order to complete a desired transaction include 
transmitting at least one of the one or more sensitive 
credentials from the client to the server as part of said 
negotiations, subject to the client previously receiving from the 
server one or more credentials that satisfy said certain 
predetermined criteria for the client; 

wherein at least one party adopts an eager strategy, 
according to which all sensitive credentials are transmitted to 
the other party subject only to receipt of certain predetermined 
credentials from the other party, irrespective of whether or not 
transmission of such sensitive credentials is necessary in order 
to complete said transaction; and 

wherein at least one party adopts a parsimonious strategy, 
according to which only selected sensitive credentials are 
transmitted to the other party from the set of sensitive 
credentials that could be transmitted after receipt of certain 
predetermined credentials from the other party, said selection 
being performed on the basis of transmitting only those sensitive 
credentials that are specifically necessary in order to complete 
said transaction. 

2. The method of claim 1, wherein said first and second parties 
are a client and a server respectively, wherein said server is to 
perform the desired transaction in response to a request from the 
client . 
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3. The method of claim 2, wherein in order to set up or perform 
the transaction, the client is required to supply at least one of 
the one or more sensitive credentials to the server. 

4. The method of claim 1, wherein said parsimonious strategy 
involves the exchange of credential requests to establish a point 
of confidence prior to transmission of credentials themselves. 

5. The method of claim 1, wherein at least one party initially 
adopts an eager strategy, according to which all sensitive 
credentials are transmitted to the other party subject only to 
receipt of certain predetermined credentials from the other 
party, irrespective of whether or not transmission of such 
sensitive credentials is necessary in order to complete said 
transaction, and then at a later stage of said negotiations 
subsequently adopts a parsimonious strategy, according to which 
only selected sensitive credentials are transmitted to the other 
party from the set of sensitive credentials that could be 
transmitted after receipt of certain predetermined credentials 
from the other party, said selection being performed on the basis 
of transmitting only those sensitive credentials that are 
specifically necessary in order to complete said transaction. 



6. The method of claim 1, wherein said server defines a service 
governing policy that specifies certain roles, such that said 
client can only set up or perform the transaction if it has 
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sufficient credentials to allow it to assume one of said certain 
roles . 



7. A computer program product stored on a computer readable 
storage medium for, when run on a computer system, carrying out 
the method of claim 1. 

8. A data processing apparatus for use in performing automated 
trust negotiations between first and second parties connected 
over a network, the apparatus comprising: 

means for providing a party with a set of credentials, 
wherein a credential provides an authorization of a property of 
its respective party; 

means for classifying one or more credentials in the set of 
credentials for said first party as sensitive, such that they can 
only be disclosed to another party subject to certain 
predetermined criteria; 

means for establishing negotiations over the network between 
said first and second parties in order to complete a desired 
transaction, wherein said transaction is only authorized to 
proceed if at least one of the parties receives certain 
predetermined credentials from the other party; and 

means for transmitting at least one of the one or more 
sensitive credentials from the first party to the second party as 
part of said negotiations, subject to the first party previously 
receiving from the second party one or more credentials that 
satisfy said certain predetermined criteria; 

wherein said first and second parties are a server and a 
client respectively, wherein said server is to perform the 
desired transaction in response to a request from the client; 
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wherein the server specifies a set of credentials that it 
must receive from a client in order to set up or perform the 
transaction; 

wherein both the client and the server have one or more 
credentials in their respective sets of credentials which are 
classified as sensitive, such that they can only be disclosed to 
another party subject to certain predetermined criteria; 

wherein the negotiations over the network between the client 
and the server in order to complete a desired transaction include 
transmitting at least one of the one or more sensitive 
credentials from the client to the server as part of said 
negotiations, subject to the client previously receiving from the 
server one or more credentials that satisfy said certain 
predetermined criteria for the client; 

wherein at least one party adopts an eager strategy, 
according to which all sensitive credentials are transmitted to 
the other party subject only to receipt of certain predetermined 
credentials from the other party, irrespective of whether or not 
transmission of such sensitive credentials is necessary in order 
to complete said transaction; and 

wherein at least one party adopts a parsimonious strategy, 
according to which only selected sensitive credentials are 
transmitted to the other party from the set of sensitive 
credentials that could be transmitted after receipt of certain 
predetermined credentials from the other party, said selection 
being performed on the basis of transmitting only those sensitive 
credentials that are specifically necessary in order to complete 
said transaction. 



